JP2011512573A - Abstraction functions in mobile handsets - Google Patents

Abstract

The present invention uses the abstraction function module (200 or 1400) to protect the sensitive network information available in the handset (80) connected to the network (112) from leakage to unauthorized servers ( 80), and computer software and methods. The method includes receiving an encoding key (KE) from the abstraction server (210) in the abstraction function module (200 or 1400) and sensitive network information from the control plane module (100 or 1420) of the handset (80). Receiving the request from the client or application (106) in the abstraction function module (200 or 1400), in which case the client or application (106) receives the control plane module (100 or 1420). ) In a different user plane module (104 or 1410), the confidential network information is stored in the control plane module (100 or 1420) of the handset (80), and the control plane module Both the user interface module (100 or 1420) and the user plane module (104 or 1410) receive the request to exist in the handset (80), and the abstract function module (200 or 1400) retrieving from the control plane module (100 or 1420), and encrypting the retrieved confidential network information by the abstract function module (200 or 1400) based on the received encoding key (KE). Providing the encrypted sensitive network information to a client or application (106) in the user plane module (104 or 1410).

Description

  The present application relates generally to communication systems, devices, and methods, and more particularly to mobile communication devices, services, and software for protecting confidential information from leakage to unauthorized third parties.

  Services on mobile phones, as well as mobile handsets (which also refer to devices built into PCs, laptops, vehicles, etc.) have made great progress over the last decade. In the late 1980s and 1990s, when 3GPP standardized GSM and then standardized 3G, circuit-switched calls and subsequent short message service (SMS) were primarily the only available services. Since then, mobile handsets and networks have continued to evolve, and can run both local applications and browser-based services connected to networks that provide high enough bandwidth to take advantage of TV and interactive multimedia. Created powerful devices. In addition to the increasing bandwidth and the need to provide a viable technical platform and transport technology for multimedia services, for example, packet switched networks utilizing the Internet Protocol (IP) as the underlying technology It is becoming the dominant platform for mobile communications services. There are several reasons why this trend continues to be supported by most parties in the telecommunications business. One reason is that third parties will begin to develop applications for such systems, which may be the key to the expected success of next-generation technologies, as in the Internet. Becomes higher. Another reason is that IP provides a cheaper technical platform for utilizing features. This provides a significant scale advantage. This is because the technology used by the IT industry is cheaper than the conventional communication technology.

  In addition, in an operator's network, including IP connectivity and so-called “thin” clients (such as relatively limited processing and / or memory resources), along with increased bandwidth Relatively “thicker” clients that have functions that were previously implemented as tightly integrated functions and that use a control channel for communication (eg, have relatively more resources) On the handset and can be used as an application arranged in the IP area within the network of the communication carrier (or even outside the network of the communication carrier). In other words, since the function of the conventional thin client is limited, the logic circuit at the time of service depends on the network, at least one of the server and the proxy side instead of relying on the mobile handset. To be. Typical examples of thin clients include traditional browsers and / or SMS / MMS based services. However, along with the development of more modern mobile handsets, more chic clients (ie Java / Symbian / iPhone applications) have logic circuits that have some differences in the number executed on the clients, And it is not executed in at least one of the network and the server. This is also true for next generation web environments with more modern browsers such as Google Gear and Android. There is a frequent need for information to be transferred between clients and servers in order for “thicker” clients to communicate with servers in the network. Such information includes, for example, information regarding at least one of a network function and a unique function in the handset. Therefore, an interface and a protocol that enable such information exchange are required. This function and information, to a large extent, is often referred to as the so-called “control plane” of a communication system, whereas communication between a client associated with a handset and a server in the network (eg IP Communication performed based on packet-based technology such as is generally called “user plane”.

  There are a plurality of interfaces having the function of acquiring data related to the unique functions of the handset and network information stored in the control plane within the handset. These data and network information are what the carrier does not want to share with unauthorized users or unauthorized servers. Such an interface is generally based on an operating system (OS) that provides most of the unique functions available in the handset. Examples of OS include Symbian, Nokia Series 60, Windows (registered trademark) Mobile, and Linux. These OSs can provide services and information interfaces available in the control plane. Examples of such services and information include call control, SMS / MMS services, network information such as the base station ID to which the handset is currently connected, neighbor list and active / passive set. ) Is included. The active set includes 3G base stations that are candidate base stations for soft handover, and the handset decodes the pilots of these base stations to enable execution of the handover. The passive set includes 3G base stations that can be heard by the handset, but these 3G base stations are not candidate base stations for soft handover. The handset does not decode these pilots to the same extent as it does for the active set. In addition to the interfaces provided by the OS, Java (J2ME) or other runtime environments can also be used extensively to allow Java applications to access services and information obtained from the control plane. Provides a standard set of standardized interfaces.

  On the other hand, Open Mobile Alliance (OMA) standardizes service enablers based on user plane signaling due to the fact that user plane based services generally mean lower investment costs and shorter time to market did. An example of a user plane based service is user plane based positioning standardized in OMA Secure User Plane Location (SUPL). In SUPL, a SUPL client of a terminal can access network information and a positioning function. The client can communicate with the SUPL server using IP and the provided IP address.

  This type of architecture presents certain problems and challenges to be challenged. Because the interface connected to the control plane provides a mechanism for obtaining information from the control plane to the user plane service, this information may be exported to entities outside the operator's domain. However, some of the information obtained from the control plane can be sensitive and can be misused by the carrier's external entities, so these interfaces allow the carrier to Risks and sometimes security risks may be introduced. Because various services and clients require information provided by these interfaces, information must be provided to legitimate services and / or clients. As at least one of such a legitimate service and a client, for example, there is a service and a client that have established a contract for receiving confidential network information with a communication carrier. Examples of such confidential network information include a cell ID and a neighbor list (that is, a list including at least one of a neighboring base station and a neighboring cell of a predetermined cell). For services such as OMA SUPL positioning and IP multimedia subsystem services, the user plane client needs information from the control plane to function properly. Therefore, the process of hiding information obtained from the control plane from everyone except the communication carrier is not a solution.

  If information such as the cell ID is available by an application in the user plane, other parties other than the carrier monitor the information and register this information (for example, to gain business benefits This information can be used to compete with the carrier. As an example used for such competition, the user's positioning service and statistics are provided using the carrier's infrastructure (independent or unrelated to the carrier). There are examples of stakeholders. Another use case used for competing is to monitor competing carriers and record competing carrier network infrastructure for business intelligence. In addition to these commercial examples, there are countries where information such as cell planes are considered confidential for domestic security reasons. Since such information, such as cell IDs, is frequently used (in access, routing control, user management, invoicing, etc.) in many nodes and systems of the carrier network, this information is It must be appropriately controlled by a person so that it can be used by authorized services and / or authorized clients, as well as by devices in the network.

  Accordingly, it would be desirable to provide an apparatus, system and method that prevents the aforementioned problems and drawbacks.

  The accompanying drawings illustrate exemplary embodiments of the invention.

  According to one embodiment, there is provided a method for protecting sensitive network information available in a handset connected to a network from leakage to unauthorized servers by using an abstract function module. The method includes the step of receiving an encoding key from the abstraction server at the abstraction function module, and the confidential network stored in the control plane module of the handset in which both the control plane module and the user plane module exist in the handset. A request from the control plane module to receive a request from a client or application that exists in a user plane module different from the control plane module for requesting information, and the abstraction function module The extracted confidential network information, encrypting the extracted confidential network information by the abstraction function module based on the received encoding key, and the encrypted confidential network information It comprises providing to a client or application in the user plane module.

  According to another example embodiment, a handset configured to protect sensitive network information available on a networked handset from leakage to unauthorized servers by using an abstraction function module is provided. Is done. The handset comprises a transceiver that receives an encoding key from an abstraction server and a processor that includes an abstraction function module and is coupled to the transceiver to receive a decryption key. The abstraction function module is a user plane different from the control plane module that requires both the control plane module and the user plane module to be present in the handset and to request the provision of sensitive network information stored in the control plane module of the handset. The request from the client or application existing in the module is received, the requested confidential network information is extracted from the control plane module, and the extracted confidential network information is encrypted based on the received encoding key and encrypted. It is configured to provide sensitive network information to clients or applications in the user plane module.

  According to one embodiment, a computer readable medium is provided that includes instructions executable by a computer that, when executed, provides unauthorized network information available to a handset connected to a network to an unauthorized server. Implement methods to protect against leaks. The method includes providing a system comprising separate software modules including an abstraction function module, a control plane module, and a user plane module, and receiving an encoding key from the abstraction server at the abstraction function module. And both the control plane module and the user plane module are present in the handset and are in a different user plane module than the control plane module to request the provision of sensitive network information stored in the handset control plane module. The abstract function module receives a request from an existing client or application, and the abstract function module retrieves the requested confidential network information from the control plane module. And encrypting the retrieved confidential network information by the abstraction function module based on the received encoding key, and providing the encrypted confidential network information to the client or application in the user plane module. Including.

FIG. 2 is a conceptual diagram illustrating a mobile handset including a control plane and a user plane. It is a conceptual diagram which shows the mobile handset provided with the control plane which concerns on the example embodiment, a user plane, and the abstraction function between these planes. Fig. 4 illustrates a mobile handset according to an example embodiment and an application or web service in a non-telecom network connected to an abstraction server. FIG. 6 is a functional diagram illustrating a process of collecting network information and location information in a handset that does not have abstraction functionality. FIG. 6 is a functional diagram illustrating a process of receiving network information and location information in a server. FIG. 4 is a functional diagram illustrating a process for requesting location information for a handset based on handset network information. FIG. 6 is a functional diagram illustrating a process for searching for location information in a server. FIG. 6 is a functional diagram illustrating a process of collecting network information and location information in a handset with an abstraction function according to an example embodiment. FIG. 6 is a functional diagram illustrating a process of receiving encrypted network information and location information in a server according to an example embodiment. FIG. 6 is a functional diagram illustrating a process for requesting location information of a handset based on encrypted network information of the handset according to an example embodiment. It is a functional diagram which illustrates the process which searches the location information in a server based on the decoded network information based on the example embodiment. FIG. 6 illustrates signals exchanged between various components of a handset and server according to an example embodiment. 6 is a flowchart illustrating method steps for providing encrypted network information according to an example embodiment. FIG. 6 is a schematic diagram illustrating various modules of a handset according to an example embodiment. 1 illustrates a mobile handset according to an example embodiment.

  The following detailed description of the invention refers to the accompanying drawings. The same reference numbers in different drawings identify the same or similar elements. Also, the following detailed description does not limit the invention. Instead, the scope of the invention is defined by the appended claims.

  Throughout this specification, reference to “an embodiment” or “an embodiment” refers to a particular feature, structure, or characteristic described in connection with that embodiment in at least one embodiment of the invention. Means included. Thus, the appearances of the phrases “in one embodiment” or “in an embodiment” in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.

  According to an exemplary embodiment, by introducing an abstraction function in the mobile handset, the confidential information (as described above) obtained from the control plane is abstracted and the confidential information can be abused. It is possible to protect. With this abstraction function, in order to protect confidential information from abuse, for example, the confidential information can be hidden, modified, or encoded. According to one embodiment, not all information in the control plane is confidential. Therefore, non-confidential information obtained from the control plane can be shared with a third party who has not contracted with the network carrier. In this case, the abstraction function can be configured to determine which information in the control plane has confidentiality and which information does not have confidentiality. Further, it is possible to configure an abstraction function so that only confidential information obtained from the control plane is encrypted and non-confidential information is not encrypted.

  According to the exemplary embodiment described below, the abstraction layer is in the handset before exposing information to an interface such as Java, or to an operating system, or to a client in the user plane. The above information obtained from the control plane is processed. Note that any of the runtime environment Java, operating system, or client can retrieve sensitive network information from the control plane. For example, the abstraction function may be connected (always or scheduled or on demand) to a server in the carrier's network. If the abstraction is performed by encryption, the server can provide the encryption key to the abstraction function as described below. Since services in a carrier's network may depend on available information in the control plane, the above aspects are taken into account when abstracting the information according to the example embodiment, and these services are adversely affected. It is desirable not to give. One way to take this aspect into account is to encrypt the information according to a known encryption key by all associated entities in the carrier's network that need the information. When using the example of the OMA SUPL service described above, the cell ID information is encrypted using a known encryption key to the SUPL client in the handset, and then the cell ID information is transmitted to the SUPL server to which the encryption key is communicated can do.

  According to one embodiment, an abstraction function, which can be considered, for example, middleware, can be placed between the handset control plane and the interface and client. This arrangement exposes information obtained from the control plane to the user plane differently. In order to better understand these example embodiments, FIG. 1 is a diagram illustrating a conceptual diagram of a typical mobile handset 80 that does not have an abstraction function. In this figure, the bottom layer 100 represents the control plane, which is done via control signaling that is also used for connection, mobility, and some management of basic services (such as call control and SMS). It provides the core functionality of mobile handset 80, such as communication with a mobile telephone. An operating system 102 may exist at the top level of the control layer 100. The operating system manages phone functions and provides an interface to applications and client functions in the user plane 104. Clients and / or applications 106 such as browsers, calendars, and games are examples of services executed on the user plane 104 at the top level of the operating system 102.

  The mobile phone may also include a Java virtual machine (JVM) 110. The JVM 110 can run on top of the operating system 102 and allows Java® based applications to run on the handset 80. There are various JVMs adapted for platforms with various computing power and characteristics. One common JVM for mobile handsets is known as Java® Micro Edition (J2ME). J2ME provides multiple application programming interfaces (APIs) that application developers use to develop mobile handset applications.

  Therefore, the J2ME environment is convenient for developers who are not associated with a certain carrier and who intend to use a handset application that is subscribed to a certain carrier. The present embodiment provides a method for enabling the developers to access confidential information from the control plane when the carrier has a relationship with a plurality of carriers, as well as another development. And / or at least one of these latter developers and carriers will refuse to access information in the control plane if they are not authorized to access the data The method will be described. The Java® APIs used for various handset models are relatively similar to each other, so using Java® can, for example, customize applications associated with various handset models. It is possible to reduce the amount to be performed.

  As described above, the user plane 104 is arranged above the operating system 102 and Java (registered trademark) 110. The user plane 104 may include one or more applications and / or clients. One difference between a client and an application is that the application provides services to the user, whereas the client can perform networking functions and does not provide direct service to the user. A point can be mentioned. That is, the client has a low-level function for the user. These applications and clients 106 can use a user plane communication channel to exchange data with a carrier network or a third party. Such communication channels may be General Packet Radio Service (GPRS) and TCP / IP. Use these channels to communicate with the application server and content server 112 inside the carrier network (control area) or with the server 114 outside the carrier area (such as an Internet server). It becomes possible.

  Application 106 can access information and functions within handset 80 via either operating system 102 or Java 110. In addition to or separately from the above, a uniquely installed client 106 such as an OMA SUPL client may be provided in the user plane to access information in the control plane. Thus, the application or client 106 in the handset 80 can abstract information from the control plane via the API in the OS 102 and Java 110 and using a unique client such as the OMA SUPL 106, It is possible to call the function and transmit the function to the server 114 outside the network 112 of the carrier.

  According to one embodiment, FIG. 2 shows a mobile handset 80 with an abstraction function 200. The abstraction function 200 is arranged as a middleware layer between the control plane 100 and the user plane 104. For example, information provided from the control plane 100 to the user plane 104 via the operating system 102 or Java (registered trademark) 110 is provided. And operate to process all or part of at least one of the functions. The abstraction function 200 can be executed between the operating system 102 and the Java (registered trademark) 110. According to another example embodiment, the abstraction function 200 may be performed between the control plane 100 and the operating system 102, or between the operating system 102, the Java 110, and the user plane 104. it can. The abstraction function 200 can also be executed as a software module in the existing hardware of the handset or as a dedicated hardware module. In one application, the handset may include a smart card that is configured to provide abstract functional capabilities. According to this application, the abstraction function is portable. In other words, the user can remove the smart card from the currently used telephone and move the smart card to another telephone to provide an abstraction function that can be used with the new telephone. Further, according to this application, it is possible to configure an abstraction function especially for individual users, and not to configure this abstraction function for individual telephones. For example, network information may be confidential information for a client in one country, or may not be confidential information for a client in another country. Whether the information is confidential or not is irrelevant to the configuration of the handset. This is because this configuration is realized via a smart card. A smart card is a piece of hardware located in a handset, and the handset is configured to read various protocols and / or instructions from the smart card. The smart card is removable and can be transferred from one handset to another. In another application, the smart card may be just software (eg, having a security providing function as a soft SIM).

  According to one embodiment, the abstraction function 200 can establish a protective layer that insulates the control plane 100 from the user plane 104 so that an application or client 106 derived from the user plane 104 can access information or functions. Permission to be received from the control plane 100. For example, this authorization may be implemented as a license or another mechanism for managing authentication and authorization. According to another example embodiment, the abstraction function 200 may perform authentication and authorization using a handset or handset related information or mechanism (such as a SIM card, hardware identifier, digital rights management function, etc.).

  According to one embodiment, handset 80 may be connected to abstraction server 210 in the carrier's network as shown in FIG. This connection can enable the abstraction function 200 to exchange information with the abstraction server 210, thereby (i) a server that uses or requests information obtained from the handset control plane. And (ii) it is possible to achieve cooperation with the abstraction function existing in the handset. More specifically, assuming that the abstraction is by encryption, the abstraction server 210 can be used to provide the current encryption key to the abstraction function 200 in the handset 80. Information obtained from the abstraction server 210 such as information obtained from the control plane, user unique information and service unique information by the encryption / processing of information in the abstraction function 200 is obtained from the handset. It becomes possible to combine. This generally enables encryption for a predetermined amount of time, so that it can result in unique encryption for a particular handset, user, and / or service for a predetermined amount of time. Become.

  The encryption key can be changed as often as desired by the network operator so that storage of the encryption information and its associated location is not feasible as a solution for finding the location of the handset Can be. This is because the association between the encrypted information and the position of the handset is valid only for a predetermined time. In one application, the abstraction server 210 is configured to automatically change the encryption key at set time intervals or at random time intervals. In another application, the handset abstracts to provide an updated encryption key or update the current encryption key if it determines that the encryption key is older than a predetermined amount of time. Requests can be made to the server 210.

  The abstraction server 210 is shown in FIG. 2 as part of a carrier network. However, according to another example embodiment, as long as the abstraction server 210 maintains the encryption key confidentiality in accordance with the policy of the network operator 112, the abstraction server 210 is outside the carrier network. It may exist. As described in more detail below, the abstraction server 210 is configured to provide services to both the handset 80 and the server (including servers that do or do not belong to the carrier network) It is also possible to provide the adjusted encryption / decryption key to the handset 80. That is, for a given time period, the handset 80 and the service providing server 114 will use the matching encryption / decryption key.

  According to one embodiment, the abstraction server 210 can provide different encryption keys corresponding to the various services being used to the same handset 80 for a given period of time. That is, a first external server (a server that does not belong to a network carrier) provides the first service to the handset 80, and a second external server (also a server that does not belong to a network carrier). ) Provides the second service to the handset 80, the abstraction server 210 uses the first encryption key for the handset 80 to communicate with the first server and the second for the same predetermined time as the handset 80. A second encryption key different from the first encryption key can be provided for communicating with the other server.

  Accordingly, the abstraction function 200 according to these example embodiments processes information and function queries between the user plane 104 and the control plane 100 and then the abstraction server 210 in the carrier's network 112. And the abstraction server 210 can control the abstraction function 200 and instruct the abstraction function 200 with respect to an abstraction method such as an encryption key to be adapted.

  In general, the abstraction server 210 also encrypts applications, servers, and services that require encryption information inside or outside the network 112 of the carrier 112 connected to the non-telecommunications carrier network 114. Provide encryption / decryption key. FIG. 3 is a diagram showing an example of an architecture having the server 300 on the Internet connected to the abstraction server 210. This architecture includes an application, a server, and a service belonging to the network 114 of the non-telecommunications carrier. For example, an encryption key is provided for at least one of the above. The server 300 in the non-telecommunications carrier's network 114 obtains information directly from the abstraction server 210 (see path “c”) and interprets and decodes the information provided by the mobile handset 80 (path). The abstraction process need not necessarily be included in the signaling sequence “b” between the handset 80 and the carrier network 112, since the directly acquired information is used at the time (see “a”). Absent. As a result of this configuration, it is possible to reduce signaling between the handset 80 and the carrier's network 112, resulting in a reduction in network and server burden and time. In this way, the server 300 arranged outside the carrier network 112 interprets what has been transmitted along the path “a” from or to the mobile handset 80, It is possible to receive information necessary for adapting to this along the route “c”.

  In order to more fully understand these exemplary embodiments, two detailed implementation configurations are described below. These examples are not intended to limit the disclosure and / or applicability of the embodiments, but are only intended to provide a better understanding of some of the novel features. Both examples relate to the geographical location of the handset, ie location information. However, for other services that do not use location information, it is possible to perform at least one of adaptation and configuration similar to the case of the above example. In the first example, the abstraction function 200 is not provided for the handset, whereas in the second example, the abstraction function 200 is provided for the handset. More particularly, these examples include creating an ID plan for a base station cell outside the carrier's network. In this scenario, a mobile handset 80 with a positioning function (which can use either the carrier's positioning system or a GPS receiver) monitors the cell ID value, and the location where the cell ID value is extracted by the GPS. Associate with. As a result of this processing, it is possible to create a database including the cell ID value and the longitude, latitude, and altitude of the handset associated with the cell ID. When this database is generated by a party outside the network of the carrier, this database can be stored for a plurality of cell IDs and used by the mobile handset. Therefore, it becomes possible for other mobile handsets to acquire their location using the database without using the positioning function of the communication carrier or using other functions such as GPS ( Even if the accuracy of this database is generally lower than that created by network operators). However, this scenario is not desirable for network operators because the location information of the network operator's handset may be sensitive information that can be leaked to external parties at the time of contract.

  The exemplary scenario includes two aspects. The first aspect relates to the creation of the database described above. The second aspect relates to the use of this database. More specifically, the first aspect relates to the step of reporting network information from the handset to the server along with the location information of the handset retrieved from the reference system (in this case GPS) and building a database in the server. The second aspect relates to the step of determining the location of the mobile handset by utilizing the network information and searching for the corresponding location information in the database embedded in the first aspect. Thus, under this scenario, it is assumed that there is a client on the mobile handset 80 that fetches the network information (in this case the cell ID) from the control plane. Purely for purposes of explaining this example, assume that the client is based on J2ME and that the following three example methods can provide location information about the mobile communication network.

String MobileNetworkCode = System. GetProperty ("phone.mnc");
% Mobile network code consisting of country values (such as 262 for Germany) and carrier value% (such as 02 for Vodafone)
String LocationArea = System. GetProperty ("phone.lai");
Code% representing the location area that is the location of the cell such as% 1024
String CeIlID = System.getProperty ("phone.cid");
An 8-digit cell ID digit% such as% 32843107.

  According to the method disclosed above, the client (existing in the handset 80) has a code (country code) representing the country in which the handset is located, a value identifying the network operator, and the presence of the handset. The code for identifying the location area of the cell to be operated and the cell ID can be acquired. There are also ways in which signal strength and timing advance values can be retrieved from the handset and location information (such as geographical location) of the handset can be established based on these values instead of the values disclosed above. . The client may be symbian based, and the symbian provides more information via various other methods.

  With respect to the first aspect described above, a client in the mobile handset 80 can perform the three functions illustrated in FIG. 4 for creating a database. The first function 400 relates to obtaining the current location information of the handset 80 using GPS (which may be incorporated into the handset or connected to the handset via Bluetooth or the like). The second function 410 relates to the acquisition of network information, which is generally achieved by retrieving information from the control plane 100 of the handset 80 via the Java interface. According to one embodiment, such network information may include information about a country code (MobileNetworkCountrycode), information about a cell location area (LocationArea), and a cell ID of the cell. The third function 420 is a process for managing the connection (usually a predetermined IP address / URL) of the handset 80 with the server 114 on the Internet or other network, as well as the network information and the information extracted from GPS (longitude and , And location information (which may include at least one of latitude and altitude). This information may be stored in a database managed by the server 114. Instead of a point defined by the longitude, latitude, and altitude of the handset retrieved from the GPS, the network information can represent a region, so that the server 114 can point to the region represented by the specific network information (the handset's (Location) can be converted. In this scenario, where the network information with the highest accuracy is the cell ID, the server 114 is able to create a model with a nearly accurate geographical service area corresponding to the actual cell belonging to the network operator 112. .

  For example, the trigger for the above function may be the start of a client or action by the end user. In the aspect shown in FIG. 4, the server 114 can populate the database with information reported by clients in the mobile handset and can also store and / or maintain the database.

  Functions performed by the server 114 in response to receiving location information from the handset 80 are illustrated in FIG. According to this aspect, the data manager provided in server 114 receives information from handset 80 at step 500 and then stores this information at step 510 (ie, builds database 520), for example, in a predetermined format. For this purpose, the above information is provided to the database manager.

  When the mobile handset 80 queries the database 520 to determine its location information, the handset can use the network 112 information as a key for transmitting the query to the server 114, for example. Thus, as shown in FIG. 6, the client of handset 80 receives network information (this network information may include MobileNetworkCountrycode, LocationArea, and cell ID) via the Java interface at step 600. Then, in step 610, the network information is transmitted to the server 114 together with a request for providing location information corresponding to the network information. Server 114 receives the network information and then manages the process of searching database 520 to determine the location information of handset 80 during step 620. In step 630, the server 114 provides the determined location information to the handset 80, whereby the handset 80 answers the query, ie, at least one of the longitude, latitude, and altitude of the handset 80, for example. Will receive an answer containing Optionally, when utilizing the cell ID method to determine the radius, the server 114 can provide the radius of the cell. When other methods are used to determine the radius, the radius is calculated based on various parameters. For example, in GPS, the radius is about 10 m.

  The process described in step 620 of FIG. 6 as being performed at server 114 is illustrated in more detail in FIG. According to one embodiment, request / response manager 700 in server 114 receives a location request (which may include network information issued from handset 80), and then in step 710, the network information is stored in the database manager. 720. The database manager 720 searches the database 520 for location information of the handset 80 that matches the received network information. After the location information of the handset 80 is determined, the database manager 720 notifies the request / response manager 700 about this information at step 730. Request / response manager 700 provides the location information to handset 80 at step 740.

  No encryption is performed during the processing described with reference to FIGS. 4 to 7, and therefore, the network operator 112 accesses the network information acquired by the client handset from the control plane 100. Note that access by unauthorized third party servers 114 is possible.

  Although the above example has been described in connection with a mobile handset that does not have an abstraction function 200, such as the mobile handset 80 shown in FIG. 1, it has an abstraction function 200 such as the mobile handset 80 shown in FIG. An example of a mobile handset will be described next. In addition to providing useful security functions, if the handset is equipped with an abstraction function 200, such an abstraction function 200 may include user plane applications or clients 106 and information (in this case, within the control layer 100). Will have the potential to interfere with the interface to the network information), causing an authenticated service or client to be unable to perform its task. Thus, the above scenario for creating a base station cell ID plan outside the carrier network may be compromised. However, if the abstraction function 200 encrypts the network information in such a way that the server 114 can decrypt the network information, the methods illustrated in FIGS. 4 to 7 can be used as they are.

  Therefore, a typical technical example for creating a base station cell ID plan outside the network of a communication carrier will be described below. However, the creation of the base station cell ID plan is performed using the abstraction function 200 on the handset and the abstraction server 210 in the network 112. According to this example embodiment, the external server manages and hosts location information, such as a location mapping database, and providing the location of the handset according to network information has a business relationship with the carrier. And has access to the decryption key obtained from the abstraction server 210. Such an external server may be the server 300 shown in FIG.

  8 to 11, the above-described step of creating a database or a part of the creating step, and the above-described step of providing handset location information when using the abstraction function 200 or a part of the providing step Is similar to the steps shown in FIGS. 4-7 and will not be repeated in this document. However, some of the novel features shown in FIGS. 8-11 will now be described.

  As shown in FIG. 8, after GPS information is collected at step 800, handset 80 collects network information at step 810, encrypts the network information, and encrypts the network information and GPS information. Is transmitted to the user plane 104 application or client. Therefore, the network information extracted from the control plane 100 by the abstraction function 200 is not the [current mobile communication network code, location area, cell ID] (also called [MNC, LA, cell ID]), but the encrypted network. Information. Thus, it can be seen that both steps 810 and 820 include encrypted network information to protect this information from unauthorized third parties. In order to obtain accurate network information, the encrypted information must be decrypted using a valid decryption key.

  For the following explanation, the syntax to be used is as follows.

The network information [MNC, LA, cell ID] is encrypted using the encryption key KE, and then the encrypted network information is displayed as follows:
[MNC, LA, cell ID] _ΚΕ
Therefore, [MNC, LA, Cell _{ID] ΚΕ = Ε ([MNC} , LA, Cell ID], KE), however, E is an encryption algorithm. In order to obtain accurate network information, the encrypted information needs to be decrypted using a valid decryption key. Therefore, the correct decrypted network information [MNC, LA, cell ID] is given by:
[MNC, LA, cell ID] = D ([MNC, LA, cell ID] _、, KD)
However, D is a decryption algorithm, and KD is a decryption key. It should be noted here that the result of decryption does not necessarily have to be actual network information. For example, the result of the initial decryption is encrypted as it is, but since the encryption based on the static method is possible, the result is the same even if the encryption key KE is changed. More specifically, for positioning purposes, a complete cell global identity (CGI) string is not required, only a unique identifier that indicates the cell site. Since there is a possibility that CGI is confidential information, there is a case where confidential information is hidden by encoding CGI. In that case, the encoded CGI information can be used for positioning purposes. This approach can be a convenient way for operators to protect their network information from external entities while still allowing services such as the location fix service used as an example herein. .

  The server 114 that builds the database executes the steps illustrated in FIG. Information received from the handset 80 is decrypted by the data manager / supply module 900 based on the decryption key KD received from the abstraction server 210. Database manager 910 uses this decrypted information to build database 920.

  FIG. 10 illustrates that the function triggers the application or client of the handset 80 to query the network information from the control plane 100 in step 1000 and send a request to the server 114 in step 1010 to request the handset location information. It is a figure which shows the method to do. Both steps 1000 and 1010 make use of encrypted network information. Assuming that server 114 has decryption key KD and handset 80 receives the requested location information at step 1030, server 114 determines the location information of handset 80 at step 1020.

  The processing performed in step 1020 is shown in more detail in FIG. Request / response manager 1100 receives the encrypted network information from handset 80. This information is provided to the data manager 1120 at step 1110, which decrypts the network information based on the decryption key KD. Based on the received decoded network information, the database manager 1130 searches the database 920 for determining the location information of the handset 80. This location information is sent to request / response manager 1100 at step 1140, which sends this information to handset 80. The decryption key used by the data manager 1120 may be obtained from the carrier abstraction server 210.

  For completeness, an exemplary signal diagram associated with these two cases (database construction and database utilization for location determination) is shown in FIG. The steps numbered 1 to 14 in this figure will be described below. Steps 1 to 8 relate to database creation, and steps 9 to 14 relate to database use. A series of steps related to the construction of the database is marked as “A”, and another series of steps related to the use of the database is marked as “B”.

Regarding the construction of the database, the abstraction server 210 can provide the encryption key KE to the abstraction function 200 in step 1. At the same time or later, the abstraction server 210 can provide the corresponding decryption key KD to the location providing server 114 in step 2. When the encryption key KE is changed by the abstraction server 210, the abstraction server is configured to automatically update the decryption key KD at the location providing server 114. In step 3, client 106 can request network information and GPS location from various planes of handset 80. Whereas network information is located in the control plane 100, GPS information may be available in either the control plane 100, the user plane 104 or another plane. The request of step 3 is processed through the abstraction function 200. The abstraction function forwards the request to the native device API at step 4. The network information (MNC, LA, cell ID) is retrieved by the abstraction function 200 in step 5 and then encrypted. Therefore, this encrypted network information ([MNC, LA, cell ID] _ΚΕ ) is provided to the client 106 at step 6. Thereafter or simultaneously with step 6, GPS information is provided to client 106 at step 7. After the abstraction function 200 determines that the location information is not sensitive network information, the GPS information, i.e., location information, can be provided to the client or application 106 by the abstraction function 200 without being encrypted. . In one application, the client 106 retrieves location information without relying on the abstraction function 200 (ie, directly from a storage location in the handset 80 where the location information is stored). The client 106 can transmit the location information to the server 114 in step 8 using the received information (that is, encrypted network information and unencrypted location information).

  Accordingly, the server 114 can use the encrypted network information if it has the decryption key KD, or it can use the encrypted network information if it does not have the decryption key KD. It is impossible to extract network information from the network. In this way, an unauthorized server that is not part of the carrier's network 112 or an unauthorized server that is not contracted with the carrier's network 112 can abstract the network information (ie, confidential information). Disappear. Security of confidential network information is achieved by using the processing by the abstraction function implemented in the handset, and the activity of the third party server contracted with the network carrier 112 is affected by the encryption processing. Not receive.

These steps performed by the client or application 106 to determine the location information of the handset 80 according to another example embodiment will be described with reference to section B of FIG. In step 9, the location determination client 106 requests network information from the control plane 100. This request is processed by the abstraction function 200 like all other requests from the user plane 104 to the control plane 100. The abstraction function 200 forwards the request to the native device API in step 10 to obtain network information from the control plane 100. The network information (MNC, LA, cell ID) is retrieved by the abstraction function 200 in step 11 and then encrypted. The encrypted network information ([MNC, LA, cell ID] _ΚΕ ) is provided to the client 106 by the abstraction function 200 in step 12. The client 106 sends a request for location information to the server 114 at step 13. This request includes at least encrypted network information ([MNC, LA, cell ID] _ΚΕ ). After the server finds the location of the location information of the handset 80 corresponding to the received encrypted network information in its database, the client 106 selects the area corresponding to the decrypted network information (MNC, LA, cell ID). In step 14, position information of the specified handset 80 is received. Since the server 114 has the decryption key KD received from the abstraction server 210 in step 2 of FIG. 12, the server 114 can return the corresponding area of the handset 80.

  According to one embodiment, a method of protecting confidential network information available in a handset from leakage to unauthorized servers by using an abstract function module will be described with reference to FIG. The method includes a step 1300 of receiving an encoding key from the abstraction server in the abstraction function module, and both the control plane module and the user plane module are present in the handset and stored in the control plane module of the handset. The request from the client or application existing in the user plane module different from the control plane module for requesting the provision of confidential network information is received by the abstract function module 1302 and controlled by the abstract function module Step 1304 for extracting the extracted confidential network information from the plain module, and encrypting the extracted confidential network information by the abstract function module based on the received encoding key. It includes a step 1306, a step 1308 of providing the encrypted sensitive network information to a client or an application in the user plane module.

  The modules described above are illustrated in the example embodiment of FIG. The abstraction function module 1400 is connected to the user plane module 1410 and the control plane module 1420. These modules implement the functionality of the abstraction function 200 shown in FIG. 2, the control plane 100, and the user plane 104. These modules constitute at least one of the processor and the memory of the handset 80 in order to achieve the functions described with reference to FIGS.

  Accordingly, the above-described exemplary embodiments include an apparatus, system, and technique associated with creating a database on a server outside the network to which the handset belongs, based on data encryption by an abstraction function. It will be understood that it describes at least one of the functions of providing information from a database to a mobile terminal, handset or device without leaking confidential network information to unauthorized parties. While the above example embodiments have been described in the context of providing location information to a handset, as will be appreciated by those skilled in the art, new techniques and mechanisms for database construction and use include locations. It is not limited to the provision of information.

  For example, the terminal, handset, or device described above can be generally represented by the block diagram illustrated in FIG. In this figure, the mobile handset includes one or more physical transmit antennas 1502 (four in this example), but it is possible to use more or less than four transmit antennas. is there. The physical transmit antenna 1502 is connected to the processor 1506 via a transmit (TX) chain element 1504, which can include one or more filters, power amplifiers, and the like, as will be appreciated by those skilled in the art. Transmit chain element 1504 may be part of a transceiver configured to transmit and receive signals. A processor 1506 (and other potentially possible devices not shown) associated with the memory device 1508 operate to, for example, by software stored in additional hardware, or by software and hardware. The above-described abstraction function or abstraction layer 200 can be provided by any combination of the above. Thus, the functions of the abstraction layer described above can be performed in software, for example, by executing computer readable instructions from the memory device 1508 to perform the encryption or other techniques described above.

  Therefore, the exemplary embodiment also relates to software such as program codes and instructions stored in a computer-readable medium, and when these program codes and instructions are read by a computer, a processor, or the like, as described above. Obviously, certain processes associated with the transmission of information signals that are abstracted or hidden in this way are performed.

  Systems and methods for processing data in accordance with exemplary embodiments of the present invention can be performed by one or more processors executing instruction sequences contained within a memory device. Such instructions may be read into the memory device from other computer readable media, such as a secondary data storage device. Execution of the instruction sequence contained within the memory device causes the processor to operate, for example, as described above. In alternative embodiments, wiring circuitry may be used in place of software instructions or in combination with software instructions to implement the present invention.

  Many variations of the above-described example embodiments are envisioned. The above-described exemplary embodiments are for the purpose of illustrating, not limiting, the present invention in all respects. Thus, the present invention is capable of many variations in detailed implementation that can be derived from the description contained herein by a person skilled in the art. Accordingly, various modifications of the details of the invention can be derived from the specification by those skilled in the art. All such variations and modifications are considered to be within the scope and spirit of the present invention as defined by the appended claims. Any element, operation, or instruction used in the description of this application should not be construed as essential or essential to the invention unless otherwise indicated. Also, as used herein, the article “a” is intended to include one or more items.

  This application relates to US Provisional Patent Application 61 / 022,437 filed January 21, 2008 entitled "Network Abstraction and Concealment Function for Mobile Communication Devices" granted to Bolin et al. Priority is claimed from the provisional patent application, the entire disclosure of which is incorporated herein by reference.

Claims (20)

A method for protecting confidential network information available in a handset (80) connected to a network (112) from leakage to unauthorized servers by using an abstraction function module (200, 1400), comprising:
Receiving an encoding key (KE) from the abstraction server (210) in the abstraction function module (200, 1400);
Both the control plane module (100, 1420) and the user plane module (104, 1410) are present in the handset (80) and stored in the control plane module (100, 1420) of the handset (80). A request from a client or application (106) residing in a user plane module (104, 1410) different from the control plane module (100, 1420) to request provision of confidential network information Receiving at (200, 1400);
Retrieving the requested confidential network information from the control plane module (100, 1420) by the abstraction function module (200, 1420);
Encrypting the retrieved confidential network information by the abstraction function module (200, 1400) based on the received encoding key (KE);
Providing the encrypted sensitive network information to the client or application (106) in the user plane module (104, 1410). Receiving by the abstraction function module a request from the client or application for location information of the handset;
Determining that the location information of the handset is not sensitive network information;
The method of claim 1, further comprising: providing the location information to the client or application without encrypting the location information.   3. The method of claim 2, further comprising: transmitting the encrypted confidential network information and the unencrypted location information from the handset to a third party server provided outside the network. The method described in 1.   The method of claim 2, wherein the location information includes at least one of longitude, latitude, and altitude of the handset.   The confidential network information includes at least one of information on a country code, information on a location area of a cell in which the handset is located, a cell ID of the cell, and information on a neighbor list of the cell. The method of claim 1. Managing communication between the control plane module and the user plane module by an operating system;
The communication between the control plane module and the operating system and the user plane module so that all communication between the control plane module and the operating system and the user plane module is handled by the abstraction function module. The method of claim 1, further comprising providing an abstraction function module.   The third party server having an agreement with the network from the handset, such that a third party server decrypts the encrypted sensitive network information from the handset based on the decryption key. And transmitting the encrypted confidential network information to the third party server receiving a decryption key from the abstraction server controlled by the network. The method described in 1.   8. The method of claim 7, further comprising receiving location information of the handset from the third party server based on the transmitted encrypted confidential network information. A handset (80) connected to the network (112) and protecting the available sensitive network information from leakage to unauthorized servers by using the abstraction function modules (200, 1400);
A transceiver (1504) for receiving an encoding key (KE) from the abstraction server (210);
A processor (1506) including the abstraction function module (200, 1400) and connected to the transceiver (1504) to receive the decryption key (KE);
The abstraction function modules (200, 1400) are
Both the control plane module (100, 1420) and the user plane module (104, 1410) are present in the handset (80) and stored in the control plane module (100, 1420) of the handset (80). Receiving a request from a client or application (106) residing in a user plane module (104, 1410) different from the control plane module (100, 1420) to request provision of confidential network information;
Retrieve the requested confidential network information from the control plane module (100, 1420),
Encrypting the retrieved confidential network information based on the received encoding key (KE); and
A handset characterized in that the encrypted confidential network information is provided to the client or application (106) in the user plane module (104, 1410). The abstraction function module further includes:
Receiving a request from the client or application for location information of the handset;
Determining that the handset location information is not sensitive network information;
The handset according to claim 9, wherein the position information is provided to the client or application without encrypting the position information. The transceiver further comprises:
11. The handset according to claim 10, wherein the encrypted confidential network information and the unencrypted location information are transmitted from the handset to a third party server provided outside the network. .   The handset according to claim 10, wherein the position information includes at least one of longitude, latitude, and altitude of the handset.   The confidential network information includes at least one of information on a country code, information on a location area of a cell in which the handset is located, a cell ID of the cell, and information on a neighbor list of the cell. The handset according to claim 9. An operating system for managing communication between the control plane module and the user plane module;
The abstraction function module is:
Provided between the control plane module and the operating system and the user plane module so that all communication between the control plane module and the operating system and the user plane module is handled by the abstraction function module. 10. The handset of claim 9, wherein The transceiver further comprises:
The third party server having an agreement with the network from the handset, such that a third party server decrypts the encrypted sensitive network information from the handset based on the decryption key. 10. The handset of claim 9, wherein the encrypted confidential network information is transmitted to the third party server that receives a decryption key from the abstraction server controlled by the network. . The transceiver further comprises:
16. The handset of claim 15, wherein the handset location information is received from the third party server based on the transmitted encrypted confidential network information. A computer implementing a method for protecting sensitive network information available in a handset (80) connected to a network (112) from leakage to unauthorized servers by using the abstraction function modules (200, 1400) A computer-readable storage medium containing instructions executable on the computer,
Providing a system comprising separate software modules (1400, 1410, 1420) including an abstraction function module (1400), a control plane module (1420), and a user plane module (1410);
Receiving an encoding key (KE) from the abstraction server (210) in the abstraction function module (1400);
Both the control plane module (1420) and the user plane module (1410) are present in the handset (80) and provide the confidential network information stored in the control plane module (1420) of the handset (80). Receiving at the abstraction function module (1400) a request from a client or application (106) residing in a user plane module (1410) different from the control plane module (1420)
Retrieving the requested confidential network information from the control plane module (1420) by the abstraction function module (1420);
Encrypting the retrieved confidential network information by the abstraction function module (1400) based on the received encoding key (KE);
Providing the encrypted confidential network information to the client or application (106) in the user plane module (1410). Receiving by the abstraction function module a request from the client or application for location information of the handset;
Determining that the location information of the handset is not sensitive network information;
The storage medium according to claim 17, further comprising: providing the location information to the client or application without encrypting the location information.   The third party server having an agreement with the network from the handset, such that a third party server decrypts the encrypted sensitive network information from the handset based on the decryption key. 18. The method further comprising: transmitting the encrypted confidential network information to the third party server receiving a decryption key from the abstraction server controlled by the network. The storage medium described in 1.   The storage medium of claim 17, further comprising: receiving location information of the handset from the third party server based on the transmitted encrypted confidential network information.

Images